Privacy Policy


Privacy Policy for GMFRS Training and Safety Centre

  • Organisation Name: Greater Manchester Combined Authority
  • ICO Registration reference Z5119967 Customer enquiries
  • Contact Details: -
  • Data Controller: Greater Manchester Combined Authority, Churchgate House 56 Oxford Street, Manchester M1 6EU
  • Data Protection Officer Details: - Phillipa Nazari

Greater Manchester Fire and Rescue Service Training and Safety Centre

Located in Bury, Greater Manchester, at the largest Fire-Fighter training facility in the UK, is a purpose built Greater Manchester Fire and Rescue Service Training and Safety Centre. Designed to inform visitors of all ages about how to protect themselves against fire and other dangers.

Purpose and Legal Basis for Processing Information in this Service

GMFRS is part of the GMCA and for school and other group visits GMCA needs to collect and store the details of the organisers of the visits for contact purposes. The details we will require is name, email address, telephone number and the name and address of the organisation you are booking a visit for. On the day of the visit we will use your attendance list to add the names of the attendees to an attendance certificate. The list will be returned to you on the day or safe shred and the names will not be stored on our systems. We may use this information to provide statistics which will not identify you as an individual but will help to monitor our performance.

You have contacted the centre and organised a visit delivered by GMFRS, the legal basis for ensuring processing of information is that the processing is necessary to meet contractual obligations entered into by the organiser of the visit.

We may ask the organiser of the visit is it is ok to take photographs of the attendees interacting with the exhibit and experiences. If the organiser agrees to the taking of photographs they will be asked to sign a consent form. These photographs and details of the visits these may be used within the centre for case study purposes or on social Twitter or Facebook to market the centre. Consent can be withdrawn at any time by contacting the centre and we will remove any photographs of your group from our materials.

This consent form is the the legal basis for the processing and use of any photographs of your visit. GMCA must comply with the General Data Protection Regulations (GDPR) and the Data Protection Act 2018. Find out more about your rights from the Information Commissioners Office (opens in a new tab).

How we ensure the security of your data

GMCA is committed to the security of the information we collect and we utilise reasonable measures to prevent unauthorised access to that information. The authority is required to demonstrate that our solutions meet the required levels or personal, procedural, policy, data and technical security. The standards in ISO27001:2013 are applied as a benchmark. The authority are also certified under the Cyber Essentials (basic) Scheme. GMCA will only process personal information for the purposes it has been collected or subsequently authorised by the individual. All awarding bodies and any external bodies will be requested to provide evidence that they are certified (or are working towards) the Cyber Essentials Scheme.

If we believe your information has been breached we will inform you, fully investigate the breach and take appropriate action. This action may include the involvement of law enforcement and the Information Commissioners Office

Information Retention

GMCA are committed to managing information in line with the needs of our organisation and we keep the contact details of the organiser of the visit for 3 years after completion of the course. After this time it will be destroyed using appropriate destruction techniques. We may keep details of the school party including address of the school and year group for statistical purposes. The list of attendees will be used to add names to certificates and will be returned to the visit organiser immediately. The information will not be retained on our systems.

What rights do individuals have?

Under the GDPR, individuals have specific rights. Find out more about your rights from the Information Commissioners Office (opens in a new tab).

Transferring data

GMCA collects the minimum amount of information relating to organisers of visits and do not routinely transfer this information to other systems or organisations. Data can sometimes be disclosed without consent, where, for example, it is required for:

  • Protecting the vital interests of the data subject (e.g. release of medical data in an emergency)
  • The prevention or detection of crime

The consequences of the organisers failure to provide data

The organiser is required to supply personal information to enable the officers on site to contact the organiser and the school to facilitate the visit. Failure to supply the required information may lead to the school or organisation being unable to visit the facility. Failure to provide a list of attendees will mean that visitors will not be able to have certificates of attendance. In this instance the visit may still go ahead

How the data subject can exercise the right to object or raise Subject access requests

If you wish to see the information we hold about you please submit a Subject Access Request. If you wish to exercise any of your information rights please submit your request in writing to You may be asked to provide photo ID before we release your information.

ICO Contact Details

If you are not satisfied with our response to your request or believe we are not processing your personal data in accordance with the law you can contact the Information Commissioners’ Office (opens in a new window)